hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Exact hostnames grants take precedence over wildcard grants

Browse Source 
MariaDB and others match grants first by exact hostname/IP and then by
wildcard. If there are no exact matches, the wildcard grant should be
picked. This can be tested by having different passwords for localhost and
remote address.

The SQLite based authentication should first check for an exact match and
then only after that should it try to match the hostname to a wildcard
grant.
This commit is contained in:
Markus Mäkelä
2017-01-30 12:53:54 +02:00
parent ba16b8ca1c
commit b206300975
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/modules/authenticator/MySQLAuth/dbusers.c
View File

@ -463,7 +463,7 @@ bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
char *err;
sprintf(sql, mysqlauth_validate_user_query, session->user, dcb->remote,
session->db, session->db);
dcb->remote, session->db, session->db);
struct user_query_result res = {};
@ -482,7 +482,7 @@ bool validate_mysql_user(sqlite3 *handle, DCB *dcb, MYSQL_session *session,
char client_hostname[MYSQL_HOST_MAXLEN];
wildcard_domain_match(dcb->remote, client_hostname);
sprintf(sql, mysqlauth_validate_user_query, session->user, client_hostname,
session->db, session->db);
client_hostname, session->db, session->db);
if (sqlite3_exec(handle, sql, auth_cb, &res, &err) != SQLITE_OK)
{